What is Domain Name Server (DNS) and How Does It Work?
By: Rajat Kumar | Last Updated: June 07, 2018
Hello techies today we are going to discuss about Domain Name Server or DNS for web servers and how the all these activity works in detailed but not too deep.
Before go further here we understand what is the need of DNS in internet world and some history of DNS. As in earlier days of internet often times initialization and maintenance of an organization’s DNS infrastructure falls to the people responsible for the setting up and patching webservers, or configuring and managing the network devices. That’s why to maintaining the DNS by each organization own is big problematic and to making every patching and configuration correct every time when visitor or user want to access the web system application. Although the main needs of DNS to maintaining the records for sending user to correct IP address of domain web servers.
The large number of DNS vulnerabilities published every year and the number of ways an administrator can expose a DNS infrastructure to attack, it is imperative that those who manage DNS installations understand the principles behind DNS, in order to be able to properly secure those installations. Let’s take a look in next to understand what DNS is actually?
Domain Name Sever (DNS):
The best place to start is by defining DNS. The acronym DNS stands for Domain Name System, although some use DNS to refer to Domain Name Servers. DNS is a redundant, hierarchical, distributed database that is used to pass information about domain names.
When someone is trying to get to your website, or trying to send an email to you at your domain, that request goes out from your browser or email client to your internet service provider, like Reliance, BSNL, MTNL or even the mobile carriers like MTS, JIO, AIRTEL. Their servers that are providing you internet service at that time have lookup tables for domains that tell them if it's a website request, send it along to this IP address, or if it's an email send it to that IP address.
How DNS Actually Works:
If we consider DNS as a tree. DNS has a root, and the various Top Level Domains (TLDs) are similar to branches that shoot off the root. Each branch has smaller branches, which are Second Level Domains, and the leaves are Fully Qualified Domain Names (FQDNs), sometimes referred to as hostnames. If DNS is a tree, it is more like the Banyan Tree, in Lahaina, Maui. The Banyan was 8 ft tall when it was first planted in 1873 now it is more than 60 ft tall and it has spread over 2/3 of an acre. Much like DNS, the Banyan Tree has grown so large by dropping new roots from its branches, those roots go on to become new trunks in the Banyan Tree. The complete flow of a DNS query from workstation to response is outlined in Figure.
You can see in this work flow when user want to visit any website initially it request to its local recursive servers or internet service providers or cellular networks company.
After request received from user to information about www.zerosack.org, the recursive server check its cache memory for information related to domain, if an information not found in recursive server or in ISP, recursive server reached out to global root server that only 13 in the whole world and operated by different organization and are on different networks. 10 servers were originally in the United States; some are now operated using anycast addressing. Three servers were originally located in Stockholm (I-Root), Amsterdam (K-Root), and Tokyo (M-Root) respectively.
Root server have information about TLD root servers, because recursive server not directly queried to TLD root server instead, the root servers direct queries to these servers as requests are processed. Obviously, this makes the functioning of the root name servers critical to the continued operation of the Internet. If the root name servers were taken off-line typical Internet communication would eventually stop. This is not to say that all communication on the Internet would stop, routing and other services that do not rely on DNS would continue functioning as expected. But services like mail, FTP, and HTTP would quickly become unusable as they rely so heavily on DNS.
After getting information from Root server the recursive server reached out to TLD root server that maintain the information about top level domain authoritative server. In order to explain what TLD is so the domain name www.example.com, the top-level domain is com. Responsibility for management of most top-level domains is delegated to specific organizations by the Internet Corporation for Assigned Names and Numbers (ICANN), which operates the Internet Assigned Numbers Authority (IANA), and is in charge of maintaining the DNS root zone.
Finally the recursive server reached out to authoritative server based on slave authoritative name server provided by TLD root server operated by ICANN, that provide the IP address of website www.zerosack.org and redirect to site content.
In order for every internet provider to have the correct routing information they all are in contact with a network of top-level Domain Name Servers that have the latest information and provide it to everyone else.
When you register your domain at the domain registrar like GoDaddy or Network Solutions, they create what are called Domain Zone Records. There are several different kind of Zone Records, but the two main ones are the A Record that tells website requests from a browser which ip address to go to, and MX (message exchange) Records that tell the ip address of the mail server that's handling the email for your domain. Often the same server handles both website and email, so the ip address would be the same in that case. But not always, in some cases for example you might have GoDaddy Managed WordPress Hosting for your website, but use a Microsoft Exchange server, or Google to manage your email service for your domain.
So you register your domain, create the Zone Records and then tell the Domain Name Server at your registrar to pass that information up to the top-level Domain Name Servers. Then after some period of time, every internet service provider in the world will contact those servers to get a refreshed update to their DNS tables. At that point you can get to your website or deliver email to you using your domain. This can take up to 24 hrs, but usually you will see results in an hour or two.
One last wrinkle in the DNS story. Instead of your domain registrar (the folks you pay to own your domain) keeping and updating the DNS Zone Records themselves, you can have them delegate that to a third party. This is done with something called Nameservers. Instead of all the Zone Records being kept by the registrar they just have a redirect to another company's servers. And that company sets up and maintains all the Zone Records for your domain.
That's how the DNS system works. In further article we are going to discuss in detailed components of DNS from recursive server to authoritative server.
If you find this article worth to you please hit kudos, comment, & share to your friends and family to make worth to us being writing technical articles. Thanks very much see you in next session.